RE: Spyware drama!

["Dave Killion" <dkillion () charter net>]

FC,

You could add signatures to an IDS/IPS/IDP system that detects the use of
Spyware, and then hunt down the offending machine.  Would require some work
up-front, but save you time in the long run.  A lot less invasive, as well.

I know some of the major IDS/IPS/IDP vendors are adding those kinds of
signatures to their products now.  If you already own one, you're most of
the way there.  Otherwise, you could either look into one, or set up Snort
on your own.  Many of the Spyware apps use unique "User Agent" HTTP header
fields (i.e. Gator uses UserAgent: Gator).

Just a thought...

-Dave 

> -----Original Message-----
> From: Francisco Mário Ferreira Custódio [mailto:fcustodio () eda pt] 
> Sent: Monday, January 05, 2004 10:08 AM
> To: security-basics () securityfocus com
> Subject: Spyware drama!
>
>
> Hey everybody!
>
> I am having lot's of traffic in my network, due to those 
> boring spywares that my "dear" users install everyday. I use 
> "ad-aware pro" to clean the workstations, but I have 500+ 
> workstations on my network...
>
> So I want to know if you guys ever eard about a tool to 
> scan/clean "spyware"
> by IP address. Like...providing an admin password, the 
> software would sweep a class C network...scanning/cleanning 
> every machine on it. 
>
> Thank you all.
>
> FC
>
> --------------------------------------------------------------
> -------------
> --------------------------------------------------------------
> --------------

Attachment: smime.p7s
Description: